Home/ Blog/ How to Write a Job Hazard Analysis

How to Write a Job Hazard Analysis (JHA): A Step-by-Step Guide

A job hazard analysis (JHA) — also called a job safety analysis (JSA) — is a structured way of examining a task, spotting the things that could hurt someone, and deciding what to do about them before the work starts. Done well, it's one of the highest-leverage documents in your safety system. Done badly, it's a form someone copy-pastes from last year and nobody reads.

This guide walks through a practical six-step method you can apply to any task today, plus the mistakes that get JHAs flagged in an audit.

What a job hazard analysis actually is

A JHA breaks a job down into its individual steps, identifies the hazards associated with each step, and specifies the controls that reduce the risk to an acceptable level. It answers three questions for every step of a task:

  • What could go wrong here? (the hazard)
  • How bad could it be, and how likely? (the risk)
  • What are we doing about it? (the control)

It is not the same as a risk assessment of a whole area or process — a JHA is task-focused and granular. It's the level at which real injuries happen.

JHA vs JSA — is there a difference? In practice, no. OSHA uses "job hazard analysis"; many organisations say "job safety analysis." Some teams use JSA for a quick pre-task check and JHA for the fuller documented version, but the method is identical. Use whichever term your management system already uses and stay consistent.

Step 1 — Choose and prioritise the job

You can't analyse every task at once, so start where the risk is highest. Prioritise jobs with:

  • A history of incidents, near misses, or injuries
  • The potential for severe harm even if incidents are rare (confined space, work at height, energised systems)
  • New or recently changed processes, equipment, or materials
  • Complex sequences where a missed step has consequences

Define the boundaries of the job clearly: where it starts, where it ends, and what's included. "Replace pump P-204" is analysable. "Maintenance" is not.

Step 2 — Break the job into steps

List the job as a sequence of steps in the order they're performed. Aim for the level where each step is a distinct action — typically 8–15 steps for most tasks. Too few and you'll hide hazards inside vague steps; too many and the analysis becomes unusable.

Describe what is done, not how. "Isolate the electrical supply" is a step. Watch the actual job being done, or walk it through with the people who do it — desk-written step lists miss the workarounds and shortcuts that cause real incidents.

Step 3 — Identify the hazards in each step

For every step, ask what could cause harm. Work through hazard categories so you don't rely on memory alone:

CategoryExamples
MechanicalMoving parts, crushing, entanglement, stored energy
GravityFalls from height, falling objects, slips and trips
ElectricalLive conductors, arc flash, static
ChemicalToxic, corrosive, flammable substances; exposure routes
PhysicalNoise, vibration, heat, cold, radiation
ErgonomicManual handling, repetitive motion, awkward posture
EnvironmentalConfined space, poor visibility, weather, oxygen deficiency

Be specific. "Chemical hazard" is weak. "Exposure to hydrogen sulphide when opening the tank hatch" tells you what control you need.

Step 4 — Assess the risk

For each hazard, estimate the risk so you can prioritise controls. The most common approach is a severity × likelihood matrix — typically 5×5 — giving a score you can rank and threshold.

 Severity 1Severity 3Severity 5
Likelihood 55 — Low15 — High25 — Extreme
Likelihood 33 — Low9 — Medium15 — High
Likelihood 11 — Low3 — Low5 — Low

Score the risk twice: once before controls (inherent risk) and once after the controls you plan to apply (residual risk). The gap between them is the evidence that your controls actually do something — and it's exactly what an auditor looks for.

Step 5 — Assign controls using the hierarchy

Not all controls are equal. Apply the hierarchy of controls, working from most effective to least, and prefer higher-order controls wherever practicable:

  1. Elimination — remove the hazard entirely (do the job a different way)
  2. Substitution — replace it with something less hazardous
  3. Engineering controls — isolate people from the hazard (guarding, ventilation, interlocks)
  4. Administrative controls — procedures, permits, training, signage
  5. PPE — the last line of defence, not the first

A JHA that solves everything with "wear gloves and be careful" is a red flag. If every control sits at the bottom of the hierarchy, you haven't finished the analysis.

Ground controls in your own procedures. The strongest JHAs reference the organisation's own SOPs and work instructions, and PPE matrices — not generic boilerplate. This is exactly what ENSURE's JHA module does: its AI suggests hazards and controls grounded in the documents you've already uploaded. When a control cites "SOP-014: Confined Space Entry," a reviewer can trace exactly where it came from, and the worker gets guidance that matches how your site actually operates.

Step 6 — Review, communicate, and keep it live

A JHA is only useful if it reaches the people doing the work and stays current. Before the job:

  • Have a competent person review and approve it
  • Walk through it with the crew as part of the pre-task briefing
  • Link it to the permit to work, if the task requires one

Then treat it as a living document. Review it when the task, equipment, or materials change, after any incident or near miss involving the task, and on a scheduled cycle (annually is common). A JHA filed and forgotten is worth nothing.

Common mistakes that get JHAs flagged

  • Written without the workers. The people who do the job know the steps you'll miss.
  • Steps too vague. "Set up equipment" hides five hazards.
  • Controls all at the bottom of the hierarchy. PPE-only analyses rarely reduce real risk.
  • No residual scoring. Without a before-and-after, you can't show the controls work.
  • Never reviewed. A JHA dated three years ago, on a process that has since changed, is an audit finding waiting to happen.

A quick worked example

Task: Changing a grinding wheel on a bench grinder.

StepHazardControl
Isolate the grinderUnexpected start-upLock-out/tag-out; verify zero energy (engineering + admin)
Remove the guard and old wheelCuts from wheel edge; residual rotationCut-resistant gloves; confirm wheel stationary (PPE + admin)
Fit the new wheelWheel burst from wrong size/damageRing-test wheel; match rated speed to grinder (elimination of defective wheel)
Refit guard and test-runFragments if wheel fails on startRun for one minute standing to the side, guard closed (engineering + admin)

Write JHAs that cite your own procedures

ENSURE's JHA module suggests hazards and controls grounded in the SOPs your organisation has already uploaded — with pre- and post-control scoring and a link straight to Permit to Work. See it run on your own task in a 30-minute demo.

Book a demo See the JHA module

Keep reading

ISO 45001 Clause 6.1.2 Explained: Hazard Identification and Risk Assessment → 5 Whys vs Fishbone: Choosing the Right Root Cause Analysis Method →